iangcarroll / cookiemonsterLinks
πͺ CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.
β883Updated 4 months ago
Alternatives and similar repositories for cookiemonster
Users that are interested in cookiemonster are comparing it to the libraries listed below
Sorting:
- Accept URLs on stdin, replace all query string values with a user-supplied valueβ818Updated 2 years ago
- A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given targetβ1,345Updated 2 weeks ago
- declutters url lists for crawling/pentestingβ1,377Updated 3 months ago
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!β869Updated last year
- A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..eβ¦β973Updated 11 months ago
- The most exhaustive list of reliable DNS resolvers.β789Updated this week
- A fuzzer for detecting open redirect vulnerabilitiesβ752Updated 11 months ago
- DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelβ¦β978Updated 5 months ago
- Pull out bits of URLs provided on stdinβ1,185Updated last year
- Open Redirection Analyzerβ782Updated 2 years ago
- Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one plβ¦β979Updated last month
- Fetches javascript file from a list of URLS or subdomains.β775Updated 2 years ago
- A tool to check a bunch of URLs that contain reflecting params.β577Updated 10 months ago
- An IIS short filename enumeration toolβ940Updated 6 months ago
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applicationsβ1,101Updated last month
- MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filteringβ¦β1,438Updated this week
- Automation for javascript recon in bug bounty.β1,004Updated last year
- Extract URLs, paths, secrets, and other interesting bits from JavaScriptβ1,566Updated last year
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable β¦β638Updated last year
- GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grepβ1,317Updated 8 months ago
- The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.β404Updated last year
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerabilityβ872Updated 3 years ago
- Go client to communicate with Chaos DB API.β727Updated this week
- Obtain GraphQL API schema even if the introspection is disabledβ1,204Updated 8 months ago
- Burp Extension to find potential endpoints, parameters, and generate a custom target wordlistβ1,370Updated last month
- Making Favicon.ico based Recon Great again !β1,203Updated last year
- Small tool to Grab subdomains using Shodan api.β459Updated 7 months ago
- PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.β1,160Updated 9 months ago
- bypass-url-parserβ1,071Updated this week
- β454Updated 4 months ago